Your Ad Here

mindjack

main | archive | about us | feedback

 

issue: 02/15/2001

- Books
- Games
- Links
- Music
- News
- Software

search mindjack

 

advertise here
email for info


Wire Fraud and Other Childhood Pasttimes

by Shawn FitzGerald

I recently finished reading Masters of Deception: The Gang the Ruled Cyberspace. This was about the members of MOD (Masters of Deception) and LOD (Legion of Doom), focusing mostly on MOD. It got me thinking about my by-gone days as a cracker-script-kiddie-poseur type person. Mostly, I phreaked, and I was probably about half as good at it as anyone could be. The crap I knew would never have gotten me into MOD, though I'm pretty sure if I could have met Phiber or Scorp on the street (maybe at one of those 2600 meetings...) I would have been able to learn enough from them to be dangerous. Of course, I had no way to get to New York. This piece isn’t a review of that book, though I recommend it if you find any of this interesting. It’s by Michelle Slatalla and Joshua Quittner.

Keep in mind as you read this that I’ve used terms in the context of the time. I would never call the script kiddie that keeps trying to take down my DNS a ‘hacker.’ Real hackers are people who whack away at code all day long and are performing a valuable service. The web server software that delivers half the web pages you look at was written by real hackers.

I learned enough on my own to be dangerous only to myself. I never whacked 950 extenders, and god help me I never was so stupid as to use a raped ATT or Sprint number. But, I did scan NUAs on Tymnet quite a bit. Took me a whole week of trading and running extender hacks to get a copy of NUA Scanner, which had only recently been finished by the guy writing it. For some reason I'm thinking it was by Dr. Dissector, though hell, this was years ago.

I've been looking for some of those old programs that I would run in the wee hours of the morning on my 8088 Sears-special IBM clone. The processor on that thing would TURBO to 10Mhz (its base speed was 4.77Mhz) and had a ripping 10MB hard drive. I would run extenders (with a proggie called "Fuckin Hacker"), NUAs, and occasionally war dialing (also with Fuckin Hacker...that app owned) my local extensions looking for carriers. Mostly, the war dialing wouldn't pay off, I'd end up with a list of stupid fax machines. Can't do much with a fax machine, well, except send faxes to it.

I got hooked up calling VMBs all over the place. If the number wasn't toll free on the VMB, I'd scam an extender then call it from a pay phone. A VMB was just a voice mail box. This was in the mid 80’s, and electronic voice mail was fairly uncommon. Certain companies would have voice mail for their employees, and people would hack the mail boxes and take them over for a while. The sad thing is that many of them would be good for days and days, which shows you how often people would check their voice mail. Someone would hack a VMB, then use it to gather and distribute info. I knew this guy named Stalker, who would change his VMB message every day. He'd mostly post long distance codez, but every so often he'd share a system or two with a login and password. Then, other guys would leave voice messages with other codez and info, which would go up on the next days message. VMBs were one of the best ways to get codes, but you'd better only use them the day you got them. There was a pretty good chance that once they were up on a VMB they were already stale, which means the poster had already used it for a bit and didn't want the heat on it anymore.

Actually, I would do this kind of thing on purpose. I'd run extenders all night and end up with maybe 2-8 codez in my result file the next morning. I'd use each one of these codez for about two, maybe three calls, then I would post the codez to a BBS or two, as well as a VMB. This would ensure that the code would get hammered beyond belief, so my one or two calls on it wouldn't look that odd once the provider was on to the fact that it had been hacked.

Things didn't start getting hairy (or scary) for me until I started hanging on the New York boards. This is pretty much where all of the serious shit went down. There were hackers up the wazoo in NY. Many of the boards in NY I was on had ties to MOD, or at least the sysops claimed to have ties to MOD. They were probably lying. I know I never ran into Phiber on any board.

I used to go by the handle Zoso quite a bit. It was a pretty lame handle, but I thought it was clever at the time. (It comes from the first symbol on the Led Zeppelin IV album cover) Things got weird for me when some lamer in Ann Arbor posted to a bunch of boards where I had a good reputation that I was a judge. I immediately got my access tossed in most of the places where I was considered cool (or, excuse me, Elite (people didn't start spelling it '31337' until later)(you want to know secret 'hacker code'? Then type nothing but 31337 into a Google search sometime and see what crops up). I was pissed, but there was nothing to do. The Zoso rumors were pretty much contained to the Ann Arbor area, which was pretty lame as far as the Elite world was concerned. I still had access to my NY boards, but I also wasn't hot shit there by any stretch of the imagination. In Ann Arbor, I was hot shit. In NY, I was just one of many kids that had a semi-steady supply of fresh codez and NUAs for trade. I changed my handle in Ann Arbor to The Glass Onion (which was much cooler than Zoso anyway). Pretty soon, Onion was hot shit in Ann Arbor, since I was one of the only people that could come up with codez around there.

NUA Scanner was one of my best friends, and it helped get me in on some of the tougher boards in NY. I managed to get a copy of it by pretending to be a girl on one board. Gender switching on-line was a pretty novel concept back then. Remember, hardly anyone had a computer, and even fewer people had modems. Even in the underground community I hung with, hardly anyone knew what the hell the Internet was. Hardly anyone cared about it anyway, since it was mostly university Unix machines. (The sad thing is that at the time I knew some Unix...not a lot, but the little I knew probably could have gotten me into some pretty Elite boards...oh well) More people were concerned with Tymnet. Hah, now everyone and their dog knows what the Internet is, but who the hell nowadays has heard of Tymnet? Does it even still exist? So I pretended to be a girl, and got access to a board without having to prove I knew anything or had anything to trade. I swiftly raided the file areas and grabbed the NUA scanner before anyone knew I was there. I now had something most people didn't have (and certainly something those lamers in Ann Arbor didn't have).

So I'd scan NUAs and have the Tymnet addresses of loads of computers. I never tried to crack any of them (okay, maybe a couple), I would just trade the addresses with other people, who would then try to crack them. The thing was, these other guys would try to crack one of those systems, thinking if they did they could use that exploit to get into some gang or other. Well, maybe...I wasn't interested in stupid hacker gangs anyway...I just wanted to figure things out. My never ending stream of NUAs got me into some pretty choice boards in NYC.

My typical day back then started pretty late. Before I went to bed at about 2AM or so, I would start scanning extenders or NUAs. I'd wake up, and write down all of the codes or addresses that were in my result files on a piece of paper. I'd then erase the files from my computer. At some point I would probably go to work at the church for a while, that day, where I stashed my little notebook. I called it my spellbook, and it said write on the cover, "Zoso's magic spellbook." Inside were pages of codez, notes, VMB numbers, and system addresses. I kept this notebook stashed in one of the tunnels in the church that were used to access the steam pipes. I got really paranoid about all this, since this was right about the same time Operation Sundevil went down. The spellbook was either in my pocket (if I needed it at a Fortress Fone) or in the steam tunnels. Period.

I'd log on to various boards later at night and start looking for neat things. First I'd dial up the MI educational network, Merit, and connect to the U of M dial-out pool This was the sweetest thing, and the fact that it even existed shows you how concerned people were with security. This was a pool of 30 or so modems at U of M that you could connect to, then make calls FROM...for free. You didn't even have to log-in or ANYTHING...there was no way for them to know, who was using what modem at any given time. What made it even better is that I would hit my local Merit node, then hop between 4 other nodes, eventually hitting the U of M node from either Houghton or Traverse City. This made it even harder to trace. All of this crap was set up inside Merit, you didn't even have to do anything special, I wouldn't even call it a hack. Stupid, stupid, stupid. From those U of M dialouts, I'd connect to an Ann Arbor board (local call from Ann Arbor to Ann Arbor). Or, I'd hit a NY board. To hit the NY board I'd need an extender, which I would run off the UM dialouts. If the provider ever traced the call back, it would show up as originating from a phone line owned by U of M.

On these boards, I’d poke around for new codez, new programs, maybe download a game, or read a War Board for a while if I was really bored. Flame wars are not new things, and the underground community probably had way more of them than say, The Well. They were so common that most underground BBSs had special message boards called War Boards just for flaming. Since most of the users on these boards were either Jr. High or High School boys, these flame wars consisted mostly of name calling, and were generally pretty boring. I did learn some pretty creative insults from reading them on occasion.

What I eventually discovered is that I had gotten myself into a cycle. I would get codes to trade for new codez, to get access to better boards with better codez. I wasn’t really learning anything new, so what was the point? The thrill of doing these naughty things began to wear thin. Besides, I had just started college as well, and started dating my first girlfriend at about this time. This was, at the time, more of a thrill.

Zoso retired with little fanfare. I didn’t do any phreaking or code scanning for months. Then I got bored one night and cracked open my spellbook. I called a couple of VMBs and was amazed that in three months the owners of these mail boxes had realized they had been hacked. I called some New York boards and sent a couple of messages to Stalker. He had this great new extender file he said I should try. An extender file was just a list of 800 numbers for long distance carriers, like the phone number you dial on the back of those pre-paid phone cards. Attached to each number was a pattern that indicated how the access code for the service worked. If the access code was 16 digits long, frequently only 8 of those digits would be random. This file just indicated which numbers were random, so the computer didn’t have to guess as many numbers. I plugged this extender file into Fuckin Hacker and ran it all night, for the first time in months. At about 3AM my mom got a phone call. It seemed Stalker’s little wonder-file was dialing a computer instead of a phone carrier. This was at some company doing defense contracting for the DOD, and since the calls started coming in after 5PM, an alarm went off and three guys got paged. They hauled ass into their office and started tracing the call. Then they called my mom. Great, that’s just great. The guy on the phone wanted to know where the hell I got this phone number, and why I was dialing it 15 times in a row. He told my mom he had called another kid who was dialing it that same night, and the kid told him he got it out of a computer magazine. Hey, that kid is smart, “Oh yeah, that’s where I got it too.” He then told her if the number was dialed again, he would have to call the FBI, the Secret Service, and one other “Agency.”

I still don’t know exactly what this other “agency” was, but I can guess. Thanks Stalker, you’re a real pal. Hell, I don’t even know if this guy on the phone was telling the truth, and I didn’t care. If all he wanted to do was scare me, it worked.

I burned Zoso’s spellbook the next day.

b i o :
Shawn FitzGerald spends his spare time in front of his Mac trying to do constructive things, but usually ends up screwing around.

   

main | archive | about us | feedback